Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/BcSPafcxK30QSTwRO7p7p-qBE08.roa
File: BcSPafcxK30QSTwRO7p7p-qBE08.roa (raw, json)
Hash identifier: /XwIGemyo6Oc5UYteZDaODrDktMNJFVS3fYnLpeN0Lw=
Subject key identifier: 05:C4:8F:69:F7:31:2B:7D:10:49:3C:11:3B:BA:7B:A7:EA:81:13:4F
Certificate issuer: /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial: 1AA6D49B
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/BcSPafcxK30QSTwRO7p7p-qBE08.roa
Signing time: Sat 01 Jan 2022 16:02:59 +0000
ROA not before: Sat 01 Jan 2022 16:02:59 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 6453
IP address blocks: 176.236.0.0/16 maxlen: 24
85.153.128.0/17 maxlen: 24
212.252.0.0/15 maxlen: 24
213.74.0.0/16 maxlen: 24
176.88.0.0/16 maxlen: 24
217.131.0.0/16 maxlen: 24
213.14.207.0/24 maxlen: 24
195.33.192.0/18 maxlen: 24
176.232.0.0/14 maxlen: 24
213.14.0.0/16 maxlen: 24
213.254.128.0/19 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 447141019 (0x1aa6d49b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Validity
Not Before: Jan 1 16:02:59 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=05c48f69f7312b7d10493c113bba7ba7ea81134f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:51:32:14:22:b9:01:98:69:5c:d8:1d:b7:24:
03:14:5a:90:0d:74:26:cb:c5:2b:55:82:19:4f:2c:
85:ee:6b:6c:3e:1b:4c:83:a8:e4:d8:68:95:41:f5:
84:f5:d8:7f:af:6d:50:f6:e8:61:46:58:18:65:d5:
f9:04:f9:29:c9:58:e4:26:e0:c9:6b:37:f3:13:42:
e1:88:75:fb:c4:ab:5c:14:a3:2a:84:2c:c1:b6:df:
f0:cf:de:0c:3b:42:ba:35:1a:43:7e:57:d6:b1:a0:
9c:ad:62:04:b4:e6:a7:69:5c:4c:f8:01:b4:38:fd:
02:1f:bb:f7:d0:12:42:0e:13:dd:c1:a9:61:24:b7:
bc:d1:bc:e8:b5:02:fa:af:da:7a:67:cf:a7:72:c2:
8d:a0:6b:64:5a:b4:08:89:45:5d:e9:74:73:59:f9:
e2:50:2a:81:f7:6c:5d:a3:51:24:66:ca:79:43:e5:
7a:08:8f:f4:a9:76:80:da:cd:73:ec:60:fa:00:95:
31:40:46:2c:fb:8f:76:2e:c6:44:dc:b1:ad:2f:0a:
5f:44:6e:5a:dc:39:49:8f:37:5e:a3:cd:cf:26:f2:
bc:78:38:6f:9f:de:74:00:a9:f0:5f:ad:69:0e:66:
3f:da:59:c1:30:25:43:04:61:0e:03:74:89:89:1f:
07:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:C4:8F:69:F7:31:2B:7D:10:49:3C:11:3B:BA:7B:A7:EA:81:13:4F
X509v3 Authority Key Identifier:
keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/BcSPafcxK30QSTwRO7p7p-qBE08.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.153.128.0/17
176.88.0.0/16
176.232.0.0-176.236.255.255
195.33.192.0/18
212.252.0.0/15
213.14.0.0/16
213.74.0.0/16
213.254.128.0/19
217.131.0.0/16
Signature Algorithm: sha256WithRSAEncryption
29:6e:b1:e5:04:49:e6:b5:4a:1f:c3:4b:83:83:cf:19:12:14:
d5:ed:2d:e2:c6:8e:24:b6:03:95:74:02:af:2b:18:5b:70:c8:
b3:af:73:4a:d7:6a:a6:43:e4:c2:9e:4a:88:4c:3e:c5:91:3f:
bf:01:ab:87:27:40:77:bd:53:82:f7:fe:0d:e1:cf:98:7b:55:
bf:88:a7:78:3d:2d:00:31:d6:1b:b1:23:12:5c:87:a2:85:30:
64:d7:80:9b:02:e9:b9:05:ff:76:37:54:c3:98:77:89:24:31:
15:4b:91:c4:73:d6:36:97:e2:4b:dc:c2:cf:be:c2:57:a0:64:
85:25:51:a4:75:9c:24:45:21:63:8d:06:d8:58:6e:cd:07:db:
65:38:db:44:f6:16:36:d3:10:5d:3b:b2:50:ac:04:4d:41:2f:
05:37:27:7b:a0:31:1f:7d:8a:89:fe:61:99:f6:3a:7b:e3:e1:
12:be:be:e5:5a:09:26:ac:b6:a6:1a:7c:f5:23:c2:42:ad:8a:
26:ea:71:41:81:cf:5f:c3:78:3f:35:09:fa:2e:af:41:37:1c:
33:fa:0a:ca:ba:27:af:98:12:4d:84:19:a1:55:b3:ad:93:62:
46:43:31:ac:63:75:ab:62:71:38:3a:3c:79:06:29:1a:9e:41:
d9:94:36:f6
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgIEGqbUmzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ZDU5YzQzMjNmNzY3Y2U0ZmZjODVkYWFkMjA4YjkwYzA0ZmJkM2U5MB4XDTIyMDEw
MTE2MDI1OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDVjNDhmNjlmNzMx
MmI3ZDEwNDkzYzExM2JiYTdiYTdlYTgxMTM0ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMtRMhQiuQGYaVzYHbckAxRakA10JsvFK1WCGU8she5rbD4b
TIOo5NholUH1hPXYf69tUPboYUZYGGXV+QT5KclY5CbgyWs38xNC4Yh1+8SrXBSj
KoQswbbf8M/eDDtCujUaQ35X1rGgnK1iBLTmp2lcTPgBtDj9Ah+799ASQg4T3cGp
YSS3vNG86LUC+q/aemfPp3LCjaBrZFq0CIlFXel0c1n54lAqgfdsXaNRJGbKeUPl
egiP9Kl2gNrNc+xg+gCVMUBGLPuPdi7GRNyxrS8KX0RuWtw5SY83XqPNzybyvHg4
b5/edACp8F+taQ5mP9pZwTAlQwRhDgN0iYkfB4cCAwEAAaOCAjowggI2MB0GA1Ud
DgQWBBQFxI9p9zErfRBJPBE7unun6oETTzAfBgNVHSMEGDAWgBSNWcQyP3Z85P/I
XarSCLkMBPvT6TAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2pWbkVNajkyZk9UX3lGMnEwZ2k1REFUNzAtay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjYvZjA5ZWNmLWU4MDUtNDE1OC1iMzE1LWYyYmU5ZjZjNjY0Yy8x
L0JjU1BhZmN4SzMwUVNUd1JPN3A3cC1xQkUwOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjYv
ZjA5ZWNmLWU4MDUtNDE1OC1iMzE1LWYyYmU5ZjZjNjY0Yy8xL2pWbkVNajkyZk9U
X3lGMnEwZ2k1REFUNzAtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBQ
BggrBgEFBQcBBwEB/wRBMD8wPQQCAAEwNwMEB1WZgAMDALBYMAoDAwOw6AMDALDs
AwQGwyHAAwMB1PwDAwDVDgMDANVKAwQF1f6AAwMA2YMwDQYJKoZIhvcNAQELBQAD
ggEBACluseUESea1Sh/DS4ODzxkSFNXtLeLGjiS2A5V0Aq8rGFtwyLOvc0rXaqZD
5MKeSohMPsWRP78Bq4cnQHe9U4L3/g3hz5h7Vb+Ip3g9LQAx1huxIxJch6KFMGTX
gJsC6bkF/3Y3VMOYd4kkMRVLkcRz1jaX4kvcws++wlegZIUlUaR1nCRFIWONBthY
bs0H22U420T2FjbTEF07slCsBE1BLwU3J3ugMR99ion+YZn2Onvj4RK+vuVaCSas
tqYafPUjwkKtiibqcUGBz1/DeD81Cfour0E3HDP6Csq6J6+YEk2EGaFVs62TYkZD
MaxjdaticTg6PHkGKRqeQdmUNvY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:22 2024 by rpki-client on console-ams.rpki-client.org